• [ CTF ] WriteUp- 2022年第三届“网鼎杯”网络安全大赛(白虎组)

    2022年第三届“网鼎杯”网络安全大赛(白虎组)部分题目附件

    文章目录

    【Misc】misc620

    在这里插入图片描述
    压缩包有密码,盲猜纯数字进行爆破,得到密码:
    在这里插入图片描述
    在这里插入图片描述
    得到两个文件,flag.7z依然有密码,从csv文件中找
    在这里插入图片描述
    发现这有点像base编码后的
    在这里插入图片描述
    解码后得到,尝试解压缩
    解压缩后得到
    在这里插入图片描述
    在这里插入图片描述
    百度翻译没有结果,换工具。
    在这里插入图片描述
    flag{d2112923-78d6-4064-977c-b73297dc4491}

    【Crypto】crypto582

    在这里插入图片描述

    c1 =  85139434329272123519094184286276070319638471046264384499440682030525456122476228324462769126167628121006213531153927884870307999106015430909361792093581895091445829379547633304737916675926004298753674268141399550405934376072486086468186907326396270307581239055199288888816051281495009808259009684332333344687
c2 =  104554808380721645840032269336579549039995977113982697194651690041676187039363703190743891658905715473980017457465221488358016284891528960913854895940235089108270134689312161783470000803482494370322574472422461483052403826282470850666418693908817591349159407595131136843764544166774390400827241213500917391144
c3 =  94771625845449128812081345291218973301979152577131568497740476123729158619324753128517222692750900524689049078606978317742545997482763600884362992468406577524708622046033409713416026145377740182233674890063333534646927601262333672233695863286637817471270314093720827409474178917969326556939942622112511819330
x =  78237329408351955465927092805995076909826011029371783256454322166600398149132623484679723362562600068961760410039241554232588011577854168402399895992331761353772415982560522912511879304977362225597552446397868843275129027248765252784503841114291392822052506837132093960290237335686354012448414804030938873765
y =  100442166633632319633494450595418167608036668647704883492068692098914206322465717138894302011092841820156560129280901426898815274744523998613724326647935591857728931946261379997352809249780159136988674034759483947949779535134522005905257436546335376141008113285692888482442131971935583298243412131571769294029
z =  104712661985900115750011628727270934552698948001634201257337487373976943443738367683435788889160488319624447315127992641805597631347763038111352925925686965948545739394656951753648392926627442105629724634607023721715249914976189181389720790879720452348480924301370569461741945968322303130995996793764440204452
from gmpy2 import *
e=2022


m=11323698514369171934509485270187482800747906221592420578818277215318591065610272211939730721658555842676447236708557849309772868815154841226050491067608493
print(m.bit_length())
m1=(x-2022)%m
m2=(y-2022)%m
m2=m2+m

cc1 = pow(m+m1,e,m*m1)
cc2 = pow(m+m2,e,m*m2)
cc3 = pow(m1+m2,e,m1*m2)
assert cc1==c1
assert cc2==c2
assert cc3==c3
xx = pow(m1+2022,m,m*m1)
yy = pow(m2+2022,m,m*m2)
zz = pow(m+2022,m1,m*m1)
assert x==xx
assert y==yy
assert z==zz
import hashlib
flag = m + m1 + m2
flag = hashlib.md5(str(flag).encode('utf-8')).hexdigest()
print("flag{"+flag+"}")

    • 1
    • 2
    • 3
    • 4
    • 5
    • 6
    • 7
    • 8
    • 9
    • 10
    • 11
    • 12
    • 13
    • 14
    • 15
    • 16
    • 17
    • 18
    • 19
    • 20
    • 21
    • 22
    • 23
    • 24
    • 25
    • 26
    • 27
    • 28
    • 29
    • 30
    • 31
    • 32

    flag{27979a70ef9152b759d9340779256dc8}

    【Crypto】crypto581

    在这里插入图片描述

    from crypt import crypt
from gmpy2 import *
from functools import reduce

def crack_unknown_increment(states, modulus, multiplier):
    increment = (states[1] - states[0]*multiplier) % modulus
    return modulus, multiplier, increment

def crack_unknown_multiplier(states, modulus):
    multiplier = (states[2] - states[1]) * invert(states[1] - states[0], modulus) % modulus
    return crack_unknown_increment(states, modulus, multiplier)

def crack_unknown_modulus(states):
    diffs = [s1 - s0 for s0, s1 in zip(states, states[1:])]
    zeroes = [t2*t0 - t1*t1 for t0, t1, t2 in zip(diffs, diffs[1:], diffs[2:])]
    modulus = abs(reduce(gcd, zeroes))
    return crack_unknown_multiplier(states, modulus)

s=[150532854791355748039117763516755705063,
335246949167877025932432065299887980427,
186623163520020374273300614035532913241,
215621842477244010690624570814660992556,
220694532805562822940506614120520015819,
17868778653481346517880312348382129728,
160572327041397126918110376968541265339]
n,a,b=crack_unknown_modulus(s)
c = 114514
e = int(2e8)

mod=10 ** 10000

M=matrix(Zmod(mod),[[b,a*c,1],
                            [0,c,0],
                            [0,0,1]])
C=matrix(Zmod(mod),[[1,1,n]])
C=C.T
s=(M^e)*C
sol = str(s[0])[1:10001]
from hashlib import md5
enc=b'UUV\x04H\x01T\x01P\x03\t\x04\t\x1fW\x00T\x02LRSPT\x1d\x02\x02^\x01N[\\R\x02\tSV\x07\x06P\x01QK'
sol_md5 = md5(sol.encode()).hexdigest()
print(len(enc))
print(len(sol_md5))
from Crypto.Util.strxor import *
print(strxor((2*sol_md5.encode())[:42],enc))

    • 1
    • 2
    • 3
    • 4
    • 5
    • 6
    • 7
    • 8
    • 9
    • 10
    • 11
    • 12
    • 13
    • 14
    • 15
    • 16
    • 17
    • 18
    • 19
    • 20
    • 21
    • 22
    • 23
    • 24
    • 25
    • 26
    • 27
    • 28
    • 29
    • 30
    • 31
    • 32
    • 33
    • 34
    • 35
    • 36
    • 37
    • 38
    • 39
    • 40
    • 41
    • 42
    • 43
    • 44
    • 45

    flag{650e5058-6106-4a10-a2fc-b9110d54110d}

  • 相关阅读:
    大型医院容灾备份平台建设与应用实践
    安装插件失败,getaddrinfo ENOENT raw.githubusercontent.com 报错
    Wireshark 提示和技巧 | 如何匿名化数据包
    性能优化:上移下移业务高效率的实现思路
    6个步骤强化 CI/CD 安全
    不会接口测试?用Postman轻松入门(八下)——请求结果断言方法
    SpringBoot框架实现简单定时任务
    大数据面试重点之kafka(七)
    2023年【四川省安全员A证】复审考试及四川省安全员A证考试试题
    【多区域电力系统模型】三区域电力系统的LQR和模糊逻辑控制(Matlab代码实现)
  • 原文地址:https://blog.csdn.net/ZXW_NUDT/article/details/126582089